This Data Processing Agreement (“DPA”) concluded by Mesh Security Limited, a Bitdefender owned company, incorporated and registered in Ireland (“Company”) and a business customer of the applicable Company Solutions (“Customer”) is hereby incorporated into and supplements the Email Security Solutions - Access Agreement for Company Solutions (“Agreement”) between the two parties and aims to clarify the roles and responsibilities for data protection from both parties, based on obligations imposed by the EU Regulation 2016/279 (GDPR).
This DPA shall apply for the Company Solutions as they are listed in the Agreement, where Company is a data processor of the Personal Data collected through our solutions.
DISCLAIMER: The DPA does not cover the processing of personal data by Company in its role as a Controller, for which the privacy notice (https://www.meshsecurity.io/privacy-notice) is applicable.
The DPA is formed of two parts: A. Key Terms of DPA and B. General Terms and Conditions of DPA.
In the context of this DPA, the Customer is the Data Controller and Company is the Data Processor for the personal data as defined by GDPR which is collected and processed by Company Solutions as stated herein:
A. Key terms of DPA
1. Categories of Data Subjects: Customer’s employees, representatives, customers, vendors, and/or Authorized Users and any other senders and recipients of emails for the Company Solution, as applicable.
2. Collected Data by Company Solution where Company acts as a processor:
User Data (Full names, email addresses, job titles), Email Metadata & Content (including email subject, email body content, email attachments), Technical Data (IP addresses, user agent metadata), Email Sender data (email header data)
Other data that is only technical data and may not directly or indirectly be linked to a data subject, other than link it with the data above, may also be collected according to the details in the technical specifications of the product.
There is no sensitive data presumed to be collected.
Retention: Quarantined email is retained for 30 days. Email body hashes are retained for 90 days. Spam Database (email meta data) - contains email addresses and IP addresses - retained for 1 year.
B. General Terms and Conditions of DPA
The present DPA is governed by the provisions of the General Terms and Conditions of the DPA published on Mesh website: https://www.bitdefender.com/en-us/site/view/general-terms-and-conditions-applicable-to-dpa-for-email-security-solutions.
In case of contradiction between sections A. Key terms of DPA and B. General Terms and Conditions of DPA, the provisions of Key Terms of DPA shall prevail. If there are any other terms regarding processing of Personal Data under the Agreement or other documentation provided or requested by the Customer that contradict the provisions of the DPA, the provisions of DPA shall prevail.